[Python-Dev] Sandboxing Python
"Martin v. Löwis"
martin at v.loewis.de
Tue Mar 6 00:40:05 CET 2012
> I strongly disagree that sandbox is secure because it's "just
> segfaults" and "any code is exploitable that way". Finding segfaults
> in CPython is "easy". As in all you need is armin, a bit of coffee and
> a free day. Reasons for this vary, but one of those is that python is
> a large code base that does not have automatic ways of preventing such
> issues like C-level recursion.
>
> For a comparison, PyPy sandbox is a compiled from higher-level
> language program that by design does not have all sorts of problems
> described. The amount of code you need to carefully review is very
> minimal (as compared to the entire CPython interpreter). It does not
> mean it has no bugs, but it does mean finding segfaults is a
> significantly harder endeavour. There are no bug-free programs,
> however having for example to segfault an arbitrary interpreter
> *written* in Python would be significantly harder than one in C,
> wouldn't it?
While this may true, I can't conclude that we should stop fixing
crashers in CPython, or give up developing CPython altogether. While
it is a large code base, it is also a code base that will be around
for a long time to come, so any effort spend on this today will pay
off in the years to come.
Regards,
Martin
More information about the Python-Dev
mailing list